
libksba: possible NULL pointer dereference
Status: Closed, Resolved (Public)

Description

There is one more new possible NULL pointer dereference in libksba (similar one for LONG and MEM types):

1. libksba-1.5.1/src/asn1-func.c:169:29: warning[-Wanalyzer-null-dereference]: dereference of NULL 'value'
13. libksba-1.5.1/src/asn1-func.c:44: included_from: Included from here.
15. libksba-1.5.1/src/asn1-func.c:185:3: note: in expansion of macro 'return_if_fail'
21. libksba-1.5.1/src/asn1-func.c:44: included_from: Included from here.
23. libksba-1.5.1/src/asn1-func.c:130:3: note: in expansion of macro 'return_if_fail'
29. libksba-1.5.1/src/asn1-func.c:44: included_from: Included from here.
31. libksba-1.5.1/src/asn1-func.c:168:7: note: in expansion of macro 'return_if_fail'
#   167|       case VALTYPE_ULONG:
#   168|         return_if_fail (sizeof (unsigned long) == len);
#   169|->       node->value.v_ulong = *(unsigned long *)value;
#   170|         break;
#   171|

It should be fixed with a simple check for NULL, especially when the comment above the function says:

[...] With VALUE of NULL or LEN of 0 the value field is deleted
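
The pattern in the report, reduced to a stand-alone model as an added example (this is not libksba's code, and not the maintainer's actual fix, which the reply below describes as added asserts): the setter is documented to delete the field when VALUE is NULL or LEN is 0, but the VALTYPE_ULONG branch only guards LEN before dereferencing VALUE. The hardened form applies the documented delete contract before any type branch runs. All names (`node_t`, `set_value_buggy`, `set_value_fixed`, the helpers) are assumptions of this example.

```c
/* Added example, not libksba's code: a reduced model of the asn1-func.c
 * pattern in the report. set_value() is documented to delete the value
 * field when VALUE is NULL or LEN is 0, but the VALTYPE_ULONG branch only
 * guarded LEN before reading *VALUE. All names here are hypothetical. */
#include <stddef.h>
#include <string.h>
enum valtype { VALTYPE_NULL = 0, VALTYPE_ULONG };
typedef struct { enum valtype valuetype; union { unsigned long v_ulong; } value; } node_t;

/* The reported pattern: LEN passes the guard, VALUE is NULL, next line crashes. */
static int set_value_buggy (node_t *node, const void *value, size_t len)
{
  if (sizeof (unsigned long) != len)
    return -1;                                          /* return_if_fail */
  node->value.v_ulong = *(const unsigned long *)value;  /* NULL dereference */
  node->valuetype = VALTYPE_ULONG;
  return 0;
}

/* Hardened form: honour the delete contract before any branch reads VALUE. */
static int set_value_fixed (node_t *node, const void *value, size_t len)
{
  if (!value || !len)
    {
      memset (&node->value, 0, sizeof node->value);
      node->valuetype = VALTYPE_NULL;
      return 0;
    }
  if (sizeof (unsigned long) != len)
    return -1;
  node->value.v_ulong = *(const unsigned long *)value;
  node->valuetype = VALTYPE_ULONG;
  return 0;
}

/* 1 if a NULL VALUE with a valid LEN deletes the field rather than crashing. */
static int fixed_deletes_on_null (void)
{
  node_t n = { VALTYPE_ULONG, { 42UL } };
  int rc = set_value_fixed (&n, NULL, sizeof (unsigned long));
  return rc == 0 && n.valuetype == VALTYPE_NULL && n.value.v_ulong == 0;
}

/* Stores V through SETTER and returns what the node holds (0 on error). */
static unsigned long stored_via (int (*setter)(node_t *, const void *, size_t),
                                 unsigned long v, size_t len)
{
  node_t n = { VALTYPE_NULL, { 0 } };
  return setter (&n, &v, len) == 0 ? n.value.v_ulong : 0;
}
```

Both setters behave identically for a non-NULL VALUE of the right length; only the NULL case separates them, which is why the analyzer, not ordinary testing, found it.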

Event Timeline

werner added a subscriber: werner.

I added some asserts. However I doubt that it can be hit by LibKSBA. I also fixed a real bug related to VALTYPE_BOOL - but that is also not used in Libksba.

werner claimed this task.